Ever since the first embedded controller shipped with an onboard RJ45 Ethernet port in the 1990s, SCADA and Industrial Control Systems have been converting from legacy serial protocols and slow dedicated circuits to a new converged TCP/IP world where voice, video, corporate data, telecom information, security systems, and SCADA protocols all coexist and operate over the same physical media. The need to find a more effective way to manage all of these services and systems, and the ability to lower costs, has driven the move to TCP/IP, routable protocols, and IP convergence.
Transitioning to this new converged network design is not straightforward, and design constraints such as disaster recovery, business continuity, bandwidth requirements, and security each add variables to the design. The new standards and regulations (e.g., ISA99, NERC CIP, and CFATS) complicate the issue by adding network segmentation, access control, authentication, and physical 6-walls security requirements. We are often asked by our clients to review their new network designs and provide a third-party evaluation and verification of the network architecture, to help ensure that the network design will meet the changing compliance requirements and also be resilient enough to withstand today’s evolving threats.